feat: use JWT to verify is_assistant

2024-07-26 21:27:27 +08:00 · 2024-07-26 21:27:27 +08:00 · f9a6956283
commit f9a6956283
parent a43ad92442
3 changed files with 60 additions and 4 deletions
--- a/api/audit.js
+++ b/api/audit.js
@ -44,7 +44,7 @@ router.get("/", async function(req, res) {

 router.post("/", async function(req, res) {
    try {
-        if (req.body.assistant_s_num.length >= 9) {
+        if (!util.is_assistant(req.cookies.token)) {
            return res.json({suc : false, msg : "invalid credentials"})
        }
        let conn;
@ -64,7 +64,6 @@ router.post("/", async function(req, res) {
            res.json({suc : true});
 	    }
 	    catch(e) {
-            console.error(e);
            await conn.rollback();
            res.json({suc : false});
 	    }
@ -77,4 +76,43 @@ router.post("/", async function(req, res) {
    }
 })

-module.exports = router;
+router.get("/log", async function (req, res) {
+    try {
+        let conn;
+	    try {
+	    	conn = await util.getDBConnection(); // get connection from db
+	    	const query = 
+            `
+            SELECT item_form.application_id, item_form.item_info_id, item_info.item_content,
+                item_form.application_unit, 
+                item_form.subsidy,
+                scholarship_application.application_date,
+                scholarship_application.student_id, 
+                student.student_name    
+            FROM 
+                item_form
+            RIGHT JOIN 
+                scholarship_application ON item_form.application_id = scholarship_application.application_id
+            LEFT JOIN 
+                student ON scholarship_application.student_id = student.student_id
+            LEFT JOIN
+                item_info ON item_form.item_info_id = item_info.item_info_id
+            ;
+            `;
+            const result = await conn.query(query);
+            res.json({ success: true, data: result });
+	    }
+	    catch(e) {
+            console.error(e);
+            res.json({suc : false});
+	    }
+	    finally {
+		    util.closeDBConnection(conn); // close db connection
+	    }
+    }
+    catch(e) {
+        console.log(e);
+    }
+})
+
+module.exports = router;
--- a/api/login.js
+++ b/api/login.js
@ -15,7 +15,7 @@ router.post("/", async function(req, res) {
            if (result.length == 1) {
                // valid user, create a token
                let is_assistant = result[0]['is_assistant'] == 1
-                const data = {uid : account, is_assistent: is_assistant};
+                const data = {uid : account, is_assistant: is_assistant};
                const token = util.signJwtToken(data);
                if (!is_assistant){
                    var result = await conn.query("SELECT student_name FROM student WHERE student_id = ? ;", [account]);
--- a/utilities/utilities_main.js
+++ b/utilities/utilities_main.js
@ -34,6 +34,24 @@ module.exports = {
            }
        });
    },
+    is_assistant: function(token) {
+        try {
+            const result = jwt.verify(token, jwt_key).data;
+            console.log(result);
+
+            if (result.is_assistant == true) {
+                console.log("return true");
+                return true;
+            } else {
+                console.log("return false");
+                return false;
+            }
+        } catch (error) {
+            console.log(error);
+            return false;
+        }
+    },
+

    loginAuthentication: function(account, password) {
        return new Promise((resolve, reject) => { // 包裝成 Promise